#!/bin/sh
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
TIME_INTERVAL=10
HITCOUNT=10

local wan_if=$(uci get network.wan.ifname)

iptables -N PORTSCAN
iptables -I INPUT -i $wan_if -p tcp -m state --state NEW -j PORTSCAN
iptables -A PORTSCAN -m recent --set --name BADGUYS
iptables -A PORTSCAN -m recent --update --seconds $TIME_INTERVAL --hitcount $HITCOUNT --name BADGUYS -j DROP
iptables -A PORTSCAN -m recent --name PORTSCAN --remove
